CVE-2003-1029

NONE EPSS 95.0%
Published Feb 17, 200422y ago · Modified Jun 16, 20262w ago
Find Similar
Published Feb 17, 2004 22y ago
Last Modified Jun 16, 2026 2w ago

Description

The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.

Threat Intelligence

EPSS Exploit Probability
95.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

VendorProductVersionRange
lbltcpdump3.4any
lbltcpdump3.5any
lbltcpdump3.5.2any
lbltcpdump3.6.2any
lbltcpdump3.6.3any
lbltcpdump3.7any

References 12

  • lwn.net http://lwn.net/Alerts/66805/
  • marc.info http://marc.info/?l=bugtraq&m=107193841728533&w=2
  • marc.info http://marc.info/?l=bugtraq&m=107213553214985&w=2
  • marc.info http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2
  • secunia.com http://secunia.com/advisories/10636
  • secunia.com http://secunia.com/advisories/10652
  • secunia.com http://secunia.com/advisories/10668
  • secunia.com http://secunia.com/advisories/10718
  • debian.org http://www.debian.org/security/2004/dsa-425
    PatchVendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
  • securityfocus.com http://www.securityfocus.com/archive/1/350238/30/21640/threaded
  • securitytracker.com http://www.securitytracker.com/id?1008748

Remediation

  • debian.org http://www.debian.org/security/2004/dsa-425
    PatchVendor Advisory